Skip to main content

Test your Test Environment

Aaron LippoldJanuary 5, 2024About 2 min

Getting to know the Testing Suite

Once you've set up the necessary tools, you're ready to run the profile. The testing environment is determined by Test Kitchen using environment variables.

There are four testing environments to choose from:

  1. AWS VPC Testing: This environment uses an AWS VPC for testing.
  2. Docker Testing: This environment uses Docker containers for testing.
  3. Vagrant Testing: This environment uses Vagrant virtual machines for testing.
  4. Local Testing: This environment uses your local machine for testing.

The specifics of each environment's configuration are detailed in the following sections.

Getting Your First Test Kitchen (TK) Run

For each of these examples, you need to update the KITCHEN_LOCAL_YAML environment variable to point to the correct kitchen.<TEST-TARGET>.yaml file. Ensure that any required supporting environment settings, environment variables, profiles, etc., are in place. See Environment Variables and Testing Target Environments for more information.

Learn more about the Test Kitchen project at: kitchen.ci

Kitchen Stages

Test Kitchen has four major steps: create, converge, verify, and destroy. Use these stages to create, configure, run tests, and destroy your testing target. When starting your testing, it's useful to run each of these in turn to ensure your environment, Test Kitchen, and credentials are set up and working correctly.

  1. create:
    The create stage sets up your testing instance and prepares the necessary login credentials and other components so you can use your testing target.
  2. converge:
    The converge stage runs the provisioner of the Test Kitchen suite - the configuration management code set up in the test suite. This could be any configuration management script, such as Ansible, Chef, Puppet, Terraform, Shell, etc., that you and your team use.
  3. verify:
    The verify stage runs the actual InSpec profile against your testing target. Test Kitchen supports multiple testing frameworks, which are well documented on the project website.
  4. destroy:
    The destroy stage tears down your test target - like an EC2 instance, Docker container, or Vagrant Box.

During your testing, you will use each of these steps to run the full profile, run individual controls (using the INSPEC_CONTROL environment variable), and manage your test instances. You will also use other Test Kitchen commands, such as login, test, and others, which are documented on the Test Kitchen Project page.

You can also isolate which of the 'target suites' - either vanilla or hardened in our case - to run by appending either hardened or vanilla to the end of your Test Kitchen command. For example, bundle exec kitchen verify will run the Test Kitchen stages all the way through verify on both the hardened and vanilla suites. However, if you say, bundle exec kitchen verify vanilla, it will only run it on the vanilla test target.

Useful Test Kitchen Commands

  • login: Allows you to easily log in using the credentials created when you ran bundle exec kitchen create.
  • test: Runs all the Test Kitchen stages starting with create through destroy to easily allow you to go through a full clean test run.
Apache-2.0 | Copyright © 2022 - The MITRE Corporation
Copyright © 2024 Aaron Lippold